CVE-2022-22997

Addressed a remote code execution vulnerability by resolving a command injection vulnerability and closing an AWS S3 bucket that potentially allowed an attacker to execute unsigned code on My Cloud Home devices.
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:westerndigital:my_cloud_home_duo_firmware:*:*:*:*:*:*:*:*
OR cpe:2.3:h:westerndigital:my_cloud_home_duo:-:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:o:westerndigital:my_cloud_home_firmware:*:*:*:*:*:*:*:*
OR cpe:2.3:h:westerndigital:my_cloud_home:-:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*

History

20 Jul 2022, 15:24

Type Values Removed Values Added
First Time Linux
Westerndigital
Westerndigital my Cloud Home Duo Firmware
Westerndigital my Cloud Home Firmware
Linux linux Kernel
Westerndigital my Cloud Home
Westerndigital my Cloud Home Duo
References (MISC) https://www.westerndigital.com/support/product-security/wdc-22009-my-cloud-home-firmware-version-8-7-0-107 - (MISC) https://www.westerndigital.com/support/product-security/wdc-22009-my-cloud-home-firmware-version-8-7-0-107 - Vendor Advisory
CPE cpe:2.3:h:westerndigital:my_cloud_home:-:*:*:*:*:*:*:*
cpe:2.3:o:westerndigital:my_cloud_home_duo_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*
cpe:2.3:o:westerndigital:my_cloud_home_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:westerndigital:my_cloud_home_duo:-:*:*:*:*:*:*:*
CVSS v2 : unknown
v3 : unknown
v2 : 7.5
v3 : 9.8
CWE CWE-78

12 Jul 2022, 21:15

Type Values Removed Values Added
New CVE

Information

Published : 2022-07-12 21:15

Updated : 2023-12-10 14:35


NVD link : CVE-2022-22997

Mitre link : CVE-2022-22997

CVE.ORG link : CVE-2022-22997


JSON object : View

Products Affected

westerndigital

  • my_cloud_home_duo
  • my_cloud_home_firmware
  • my_cloud_home_duo_firmware
  • my_cloud_home

linux

  • linux_kernel
CWE
CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')